Privacy Policy

We are committed to safeguarding the privacy of all our customers.

This policy outlines how we handle personal information.

Lawful basis

The lawful basis for most of our activity as a Data Controller is driven the mutual intent to create and fulfil a contract with our customers, which will include a reasonable period during which there is relevant contact and marketing activity. There may be times when a contract is not created with potential customers and we may still process personal information for marketing purposes. However, in these instances we will have asked for specific consent.

Our privacy framework

As part of our commitment to ensure the protection of your personal information we adopt the following privacy principles which ensure personal information remains private and is processed lawfully:
  • We will only request and store the personal information we require to provide you with our products and services, including those you may be interested in, or where we have a legal obligation
  • We will only request and store special category personal information, including health and financial information when you request a related service or where we have a legal obligation
  • We will only share information with third parties as set out within this policy
  • We will use personal information provided to us in accordance with this privacy policy

What Information do we collect?

We may collect and store the following types of personal data:
  • Information about the use of our websites (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
  • Information that you provide to us for the purpose of engaging our products and services and when requesting contact from us (including name, email address, date of birth, address and telephone number)
  • Any other information that you choose to send to us
  • Special category information required to provide requested services, including financial products, and health-related information allowing us to facilitate special considerations and facilitate our equal opportunities policy, conviction information where required for safeguarding and by law
  • Information about learning journeys including examination and qualification results

Special category data

Some of our courses carry a duty of care which requires us to ask about health conditions that might be affected. There is no obligation for you to provide health information to us, but it may affect the service we can make available and any subsequent recourse. In line with The Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 we may require you to disclose offences related to sexual or violent offences, when your training or placement will bring you into contact with persons under the age of 18 or vulnerable adults.

How we use personal information

We will use personal information to:
  • Contact you regarding your application or enquiry
  • Provide you with our products and services, including passing necessary information to third parties who form part of the products or services. We may not be able to provide products or services if you do not disclose the required personal information
  • Given the lawful basis detailed above: provide marketing communications, relating to our business, which are relevant to the product and service engaged by yourself. This may be by post, email or similar technology.
  • Provide and service financial products, including but not limited to, application for credit, account maintenance, notification of changes to accounts, debt collection, and legally or regulatory required communications
  • Administer our website
  • Provide third parties with statistical information about our users – this information will never be provided in a format which can be used to identify any individual
  • Handle customer learning journeys including enquiries and complaints
  • Analyse and profile your information to identify trends and to tailor our communications and services, including preventing you from receiving unwanted material
Aggregated or meta data may be used to identify trends and for gap analysis. In these instances, the data will be anonymised and not attributable to a particular person

Information Retention

We will not keep personal information for longer than is necessary. However, the length of time information is retained will depend on the type of information and the contractual relationship we have with you. Our record retention policy is regularly reviewed and updated to ensure we anonymise or delete information that is no longer required.

Third parties we work with

Personal information will be shared with our third parties where necessary to:
  • Fulfil our contract for product and service delivery
  • Service financial agreements
  • Where you have opted in to receive marketing material from our third parties
We employ a robust due diligence process when choosing to work with a third-party. This includes ensuring they have the same high standards in processing your data as we do. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it, which will always be in line with this Policy They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. Should you require details of any of our third parties and their privacy policies, these can be requested by contacting our Customer Services:

Additional disclosures

We may disclose information about our customers to any of our employees, officers, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this privacy policy. In addition, we may disclose information in the following circumstances:
  • When we are required to do so by law
  • In connection with legal proceedings or prospective legal proceedings
  • To establish, exercise or defend our legal rights (Including providing information to others for the purposes of fraud prevention, anti-money laundering and reducing credit risk)
  • For the purposes of litigation
  • To provide regulatory bodies with reports if a breach in regulation occurs (customers will also receive notification of the details being provided prior to submission if there is any identifying data included within the report).
  • For the purposes of payment processing. We maintain full compliance with the Payment Card Industry Data Security Standard (PCI DSS). More information can be found at:
Except as specified in this privacy policy, we will not provide personal data information to third parties.

Third party websites

The Burlington Row website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Information transfer

We do not transfer information outside of the European Union unless it is relevant to our product or service and is specifically requested by you.

Additional information


Our websites may use a feature of your browser to set a “cookie” on your computer. Cookies are small packets of information that a website’s computer stores on your computer. Our websites can then read the cookies whenever you visit our site. We may use cookies in several ways, including: to save your password so you do not have to re-enter it each time you visit our site or to deliver content specific to your interests and to track the pages you’ve visited. These cookies allow us to use the information we collect to customise your experience so that your visit to our site is as relevant and as valuable to you as possible. Most browser software can be set up to deal with cookies. You may modify your browser preference to provide you with choices relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain functions and conveniences of our Web site may not work properly, and you may be unable to use those services that require registration in order to participate, or you will have to re-register each time you visit our site. Most browsers offer instructions on how to reset the browser to reject cookies in the “Help” section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission. We use Google Analytics to analyse the use of our websites. Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users’ computers. The information generated relating to our website is used to create reports about the use of the website. Google will store this information. Google’s privacy policy is available at:

Security of personal information

We always take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of any personal data we hold on our systems. We will store all personal information provided to us on our secure (password-protected and firewall-protected) servers. Where we use a third party to provide us with these solutions, the third party is subject to additional data security checks which include confirmation the provider is a relevant International Organisation for Standardisation (ISO) Certificate holder and registered with the ICO. As part of our due diligence process we always review our third party’s privacy / data security policies prior to engaging them. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data transmitted to us in this manner.

Policy Amendments

We may update this privacy policy from time to time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes. If there is a fundamental change in the way we process your information, or if the lawful basis for our activity as a Data Controller changes, we will contact you directly.

Your rights

You may instruct us to provide you with any personal information we hold about you. Provision of such information is normally free of charge. You have the right to withdraw consent for us to use your personal information at any time. There may be instances where this is not practical or reasonable; for instance, where we have an ongoing contractual relationship with yourself. However, if for any reason we cannot facilitate a consent withdrawal, we will provide you with a full explanation including the lawful basis under which we would continue to use your information. The above does not include use of your information for marketing activity. If you have consented to receive marketing material you can remove this consent at any time. To withdraw consent to use your personal information in full or in part, contact our Customer Services: You have the right to raise a complaint about the use of your personal information with the Information Commissioner’s Office. Further details can be found at:

Updating your information

We have a responsibility to ensure the information we store about you is relevant and up to date. Please let us know if the personal information which we hold about you needs to be corrected or updated.


If you have any questions about this privacy policy or our treatment of your personal information, please contact Customer Services via email: Or write to us by post:
Burlington Row 4th Floor Tyndall St Cardiff CF10 4BQ Reviewed: 10th May 2024.